regexes = {"regex": {"regexesSqlInjection": [{"regex": "select.+(from|limit)", "remarks": "", "score": ""},
{"regex": "(?:(union(.*?)select))", "remarks": "", "score": ""},
{"regex": "group(\\s*)+by(\\s*)", "remarks": "", "score": ""},
{"regex": "order(\\s*)+by(\\s*)", "remarks": "", "score": ""},
{"regex": "waitfor(\\s*)+delay(\\s*)+'\\d", "remarks": "", "score": ""}, {
"regex": "select([\\s\\S]*?)case([\\s\\S]*?)when([\\s\\S]*?)then([\\s\\S]*?)else",
"remarks": "", "score": ""},
{"regex": "convert\\(+(int|char)", "remarks": "", "score": ""},
{"regex": "sleep\\((\\s*)(\\d*)(\\s*)\\)", "remarks": "", "score": ""},
{"regex": "(insert|replace)(\\s*)+into.+values(\\s|)\\(", "remarks": "",
"score": ""},
{"regex": "exec.+(xp_cmdshell|master\\.dbo\\.)", "remarks": "",
"score": ""},
{"regex": "declare.+@.+exec.+@", "remarks": "", "score": ""}],
"regexesSqlInjectionLow": [{"regex": "benchmark\\((.*)\\,(.*)\\) ", "remarks": "", "score": ""},
{"regex": "base64_decode\\(", "remarks": "", "score": ""},
{"regex": "(?:from(\\s*)+information_schema(\\s*))", "remarks": "",
"score": ""},
{"regex": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
python+处理日志+处理URL防止SQL注入
最新推荐文章于 2023-07-10 20:51:40 发布